Skip to main content

Proof of Compliance: Linking to Your Software's EU Declaration of Conformity

Your EU Declaration of Conformity (DoC) is your formal statement that your software meets the Cyber Resilience Act's requirements. Users and authorities need access to it. For software, this often means providing a direct link (Annex II, point 6).

Making the DoC Accessible

If your software product requires an EU Declaration of Conformity under the CRA, you must provide:

  • The Internet Address (URL): A direct, stable web link where the full EU Declaration of Conformity can be accessed.

This URL should lead to the actual document, not just a generic support page. It needs to be easily findable by users, perhaps in the software's "About" section, its documentation, or on the webpage where the software is sold or downloaded.

For digitally distributed software like apps, games, and libraries, providing a physical DoC isn't always practical. A URL is the modern, efficient way to ensure this important document is available. This aligns with how manufacturers are already allowed to provide a simplified DoC with a link to the full version (Article 13, point 20).

Remember, the DoC is your responsibility as the manufacturer, and it confirms you've done your due diligence regarding the essential cybersecurity requirements.

Key Takeaway

If your software needs an EU Declaration of Conformity, provide a clear, accessible internet address where it can be viewed. This transparency is a requirement under Annex II, point 6.